Recent years have brought significant changes in software development practices. The demand for continuous development has given rise to DevOps methodologies, which emphasise iterative and ongoing practices over sequential activities. Therefore, automation for development and operation practices have become widely adopted in enterprise scenarios, enabling individuals with different roles and responsibility to perform actions on the pipeline that regulate software development. With the automation of security measures and controls (DevSecOps), these actions and roles have gained increased importance and liability. The automation of security processes can lead to increased risk, both for the delivered product and the DevOps infrastructure as a whole.